Sign E-Mails
Add S/MIME to e-mail templates for signing e-mails.
The required key pair shall be manageable via the GUI and the keys themselves persisted in a DB. If no key pair is available (e.g. not uploaded yet), e-mails shall be sent unsigned. Otherwise they shall be signed.
The public key shall be downloadable via a REST endpoint.
There is always only one key pair at a time. Key pairs are deletable and can be replaced.
Implementation
UI
- "Email-Templates" in the navigation bar on the left side became "Emails"
- The list-email-templates page became show-email-overview (incl. renaming of backing bean)
- The show-email-overview uses p:panel to structurally separate the existing templates overview from the new signature overview
- The signature overview on the show-email-overview page features
- A message if signature keys are available or not
- A download button for the certificates
- An edit button leading to an edit page (which is equivalent to the one for the templates)
- A delete button leading to a confirmation page
- Buttons are disabled if the action makes no sense, e.g. certificate download without existing keys
- messages.properties for de, en and fr were updated
Management of crypto keys
- Keys are stored in a Java KeyStore
- Key stores are stored in the DB as base64 encoded blobs in the KeyStoreEntity; the DB data type is TEXT (Postgres)
- Key stores are discriminated by scenario using 'KeyStoreEntity.context' as unique attribute
- Key stores are usually accessed and used via the KeyStoreService
- Key stores and key entries are not encrypted at the moment
- Bouncy Castle was used for parsing from and writing to PEM-formatted strings
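
The storage scheme described above, as an added example that is not the project's own code: a Java KeyStore is serialized to the base64 text that would go into the TEXT column, restored from it, and checked for a key entry to decide whether to sign. The class name, alias, PKCS12 store type, password and subject are assumptions made for illustration; Bouncy Castle (bcprov and bcpkix) is needed on the classpath to build the constructed self-signed certificate.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class KeyStoreBlobExample {
    static final String ALIAS = "email-signing"; // hypothetical alias, not from the project
    // Serialize a key store to the base64 text that would be written to the TEXT column.
    static String toBase64(KeyStore ks, char[] password) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return Base64.getEncoder().encodeToString(out.toByteArray());
    }
    // Rebuild the key store from the stored text; a null blob models "nothing uploaded yet".
    static KeyStore fromBase64(String blob, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // store type is an assumption
        byte[] raw = blob == null ? null : Base64.getDecoder().decode(blob);
        ks.load(raw == null ? null : new ByteArrayInputStream(raw), password);
        return ks;
    }
    // Sign only when a private key entry exists; otherwise the mail goes out unsigned.
    static boolean shouldSign(KeyStore ks) throws Exception {
        return ks.isKeyEntry(ALIAS);
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-password".toCharArray(); // constructed sample value
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        X500Name dn = new X500Name("CN=mailer.example.org"); // constructed subject
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, new Date(),
                new Date(System.currentTimeMillis() + 86_400_000L), dn, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
        KeyStore ks = fromBase64(null, pw);
        System.out.println("empty store, sign? " + shouldSign(ks));
        ks.setKeyEntry(ALIAS, kp.getPrivate(), pw, new X509Certificate[] {cert});
        KeyStore restored = fromBase64(toBase64(ks, pw), pw);
        System.out.println("restored store, sign? " + shouldSign(restored));
    }
}
```

Base64 is only an encoding for the TEXT column; whether the private key is protected at rest depends on the password handed to `store` and `setKeyEntry` and on access control to the table.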
Edited by tl9793